ThreatPress

WordPress Vulnerabilities Database

Back

WordPress User Submitted Posts plugin <= 20190426 - Arbitrary File Upload vulnerability

Product
User Submitted Posts
Description
Arbitrary File Upload vulnerability found by NinTechNet in WordPress User Submitted Posts plugin (versions <= 20190426). Apache + PHP FastCGI required for exploitation of this vulnerability.
Solution
Update the WordPress User Submitted Posts plugin to the latest available version (at least 20190501).
Classification
Type Arbitrary File Upload
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 20190426
Fixed In 20190501
Disclosure date
2019-06-11
Credits
NinTechNet
Submitter
ThreatPress